{% set protocol = salt['pillar.get']('default:OMV_SSHD_PROTOCOL', '2') -%}
{% set syslogFacility = salt['pillar.get']('default:OMV_SSHD_SYSLOGFACILITY', 'AUTH') -%}
{% set logLevel = salt['pillar.get']('default:OMV_SSHD_LOGLEVEL', 'INFO') -%}
{% set loginGraceTime = salt['pillar.get']('default:OMV_SSHD_LOGINGRACETIME', '120') -%}
{% set strictModes = salt['pillar.get']('default:OMV_SSHD_STRICTMODES', 'yes') -%}
{% set pubkeyAuthentication = salt['pillar.get']('default:OMV_SSHD_PUBKEYAUTHENTICATION', 'yes') -%}
{% set ignoreRhosts = salt['pillar.get']('default:OMV_SSHD_IGNORERHOSTS', 'yes') -%}
{% set hostbasedAuthentication = salt['pillar.get']('default:OMV_SSHD_HOSTBASEDAUTHENTICATION', 'no') -%}
{% set permitEmptyPasswords = salt['pillar.get']('default:OMV_SSHD_PERMITEMPTYPASSWORDS', 'no') -%}
{% set challengeResponseAuthentication = salt['pillar.get']('default:OMV_SSHD_CHALLENGERESPONSEAUTHENTICATION', 'no') -%}
{% set x11Forwarding = salt['pillar.get']('default:OMV_SSHD_X11FORWARDING', 'yes') -%}
{% set x11DisplayOffset = salt['pillar.get']('default:OMV_SSHD_X11DISPLAYOFFSET', '10') -%}
{% set printMotd = salt['pillar.get']('default:OMV_SSHD_PRINTMOTD', 'no') -%}
{% set printLastLog = salt['pillar.get']('default:OMV_SSHD_PRINTLASTLOG', 'yes') -%}
{% set tcpKeepAlive = salt['pillar.get']('default:OMV_SSHD_TCPKEEPALIVE', 'yes') -%}
{% set acceptEnv = salt['pillar.get']('default:OMV_SSHD_ACCEPTENV', 'LANG LC_*') -%}
{% set subsystemSftp = salt['pillar.get']('default:OMV_SSHD_SUBSYSTEM_SFTP', '/usr/lib/openssh/sftp-server') -%}
{% set usePAM = salt['pillar.get']('default:OMV_SSHD_USEPAM', 'yes') -%}
{% set allowGroups = salt['pillar.get']('default:OMV_SSHD_ALLOWGROUPS', 'root _ssh') -%}
{% set addressFamily = salt['pillar.get']('default:OMV_SSHD_ADDRESSFAMILY', 'any') -%}
{% set authorizedKeysFileDir = salt['pillar.get']('default:OMV_SSHD_AUTHORIZEDKEYSFILE_DIR', '/var/lib/openmediavault/ssh/authorized_keys') -%}
{% set authorizedKeysFile = salt['pillar.get']('default:OMV_SSHD_AUTHORIZEDKEYSFILE', '.ssh/authorized_keys .ssh/authorized_keys2 ' ~  authorizedKeysFileDir ~ '/%u') -%}
{{ pillar['headers']['multiline'] }}
Protocol {{ protocol }}
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility {{ syslogFacility }}
LogLevel {{ logLevel }}
LoginGraceTime {{ loginGraceTime }}
StrictModes {{ strictModes }}
IgnoreRhosts {{ ignoreRhosts }}
HostbasedAuthentication {{ hostbasedAuthentication }}
PermitEmptyPasswords {{ permitEmptyPasswords }}
ChallengeResponseAuthentication {{ challengeResponseAuthentication }}
X11Forwarding {{ x11Forwarding }}
X11DisplayOffset {{ x11DisplayOffset }}
PrintMotd {{ printMotd }}
PrintLastLog {{ printLastLog }}
TCPKeepAlive {{ tcpKeepAlive }}
AcceptEnv {{ acceptEnv }}
Subsystem sftp {{ subsystemSftp }}
UsePAM {{ usePAM }}
AllowGroups {{ allowGroups }}
AddressFamily {{ addressFamily }}
Port {{ config.port }}
{% if not config.permitrootlogin | to_bool -%}
PermitRootLogin no
{% endif -%}
{% if config.permitrootlogin | to_bool and not config.passwordauthentication | to_bool -%}
PermitRootLogin without-password
{% endif -%}
{% if config.permitrootlogin | to_bool and config.passwordauthentication | to_bool -%}
PermitRootLogin yes
{% endif -%}
AllowTcpForwarding {{ config.tcpforwarding | to_bool | yesno }}
Compression {{ config.compression | to_bool | yesno }}
PasswordAuthentication {{ config.passwordauthentication | to_bool | yesno }}
{% if config.pubkeyauthentication | to_bool -%}
AuthorizedKeysFile {{ authorizedKeysFile }}
{% endif -%}
PubkeyAuthentication {{ config.pubkeyauthentication | to_bool | yesno }}
{% if config.extraoptions | length > 0 -%}
{{ config.extraoptions }}
{% endif -%}
